1. Field of the Invention
This invention relates to processors, and more particularly, to techniques for securing virtual memory address translations within a processor.
2. Description of the Related Art
Many computer systems include, among other components, a processor for processing data and performing various functions, some type of system memory for storing data being processed by the processor, and one or more peripheral devices that may serve as sources and/or destinations for data, such as mass storage devices. Often, large quantities of data may need to be transferred from a peripheral device to system memory or vice versa. Rather than having the processor coordinate the details of such a transfer, in some system embodiments a direct transfer (also referred to as a direct memory access (DMA) transfer) between the peripheral device and the system memory be may supported. In a DMA transfer, a peripheral device may autonomously generate requests to access system memory without intervention on the part of the processor, thus potentially freeing the processor to perform other tasks.
In some embodiments, the processor may support a virtual memory system in which the memory address space made available to software applications (e.g., a virtual memory address space) is a distinct address space from the memory address space used to address system memory (e.g., a physical memory address space). In such a virtual memory system, a correspondence or translation may be established between a given virtual address and a given physical address. During system operation, a request to access system memory that specifies a virtual memory address may be converted into a request that specifies a physical memory address through use of an established translation.
Peripheral devices involved in DMA transfers to system memory may specify virtual memory addresses that may require translation to physical addresses before the corresponding data being transferred is presented to system memory. In some embodiments, many different peripheral devices may be capable of generating virtually-addressed memory requests requiring translation. However, if translation information is made globally available to a number of different peripheral devices, system security and/or stability may be compromised. For example, an errant or malicious peripheral device may incorrectly or improperly generate requests to access or modify data stored at a virtual address, and such requests may otherwise be indistinguishable from legitimate requests. As a result, critical data may be corrupted or compromised, which may result in incorrect system operation, data theft, or other adverse consequences.